Η Adobe released security updates to address major vulnerabilities in Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.341 and earlier versions for Linux.
The new version aims to examine the following vulnerabilities in Adobe Flash Player:
- CVE-2014-0503: reported by security researcher "Masato Kinugawa", which allows attackers to bypass the policy of origin.
Attackers can exploit this issue in order to obtain access από πόρους άλλης προέλευσης, στο πλαίσιο ενός άλλου domain. Αυτό μπορεί να διευκολύνει τις attacks of fake cross-site requests.
- CVE-2014-0504: reported by "Jordan Milne", which could be used to read the contents of the clipboard. The Clipboard is used to store data such as text and pictures, but the error could allow hackers to fill it with malicious URLs.
Source: iguru.gr
